Italian DPA fines political party for privacy policy violation

In March 2018, the Garante per la Protezione dei Dati Personali, Italy’s Data Protection Authority, issued a fine of Euros 32,000 against the Rousseau association, controller of the processing of data of the website users of the Italian political party “5-Star” (Cinque Stelle). Federprivacy reports. After a data breach, the Italian DPA started investigating whether the websites had a compliant data privacy policy. Among other security issues, the DPA discovered the controller did not [...]

Watch your connected thermostat, it might open the doors to your bank account

Hackers stole a casino’s high-roller database by hacking through a thermometer placed in a fish tank at the casino. The hackers accessed it and were then able to find their way across the network and up to the cloud to the valuable database. Source: Business Insider report of April 15, 2018. Nowadays a lot of devices and everyday tools are connected (IoT), from thermostats to home appliances, vehicles and all kinds of other items embedded with technology that enables these objects to connect and [...]

The CLOUD Act: significant changes to cross-border access to data held by communication-service providers

On March 23, 2018, the omnibus spending bill was signed into law; a portion contains the Clarifying Lawful Overseas Use of Data Act (CLOUD Act). The CLOUD Act’s main goal is to grant governments timely access to electronic data stored by communication-service providers (such as email service providers, certain cloud service providers and social media providers). The Act allows US law enforcement authorities to access data stored abroad as well as foreign authorities to directly seek disclosure [...]

Guidelines on data breach notification

On February 6, 2018, Working Party 29 (WP29) adopted the Guidelines on Personal data breach notification under Regulation 2016/679, wp250rev.01. Regulation 2016/679, the so-called General Data Protection Regulation (GDPR), introduces the requirement for a personal data breach to be notified to the competent national supervisory authority (or in the case of a cross-border breach, to the lead authority) and, in certain cases, to communicate the breach to the individuals whose personal data have been [...]

Records of processing activities of Article 30 GDPR – some model forms

Article 30 GDPR requires each controller and each processor to maintain a record of processing activities under its responsibility, which must be in writing (including electronic form). Article 30 details the minimum content of the record. Some DPAs have made available model forms and notes for keeping records of processing activities: the BayLDA, the Bavarian DPA, for the controller and for the processor; the ICO, the UK Information Commissioner’s Office, see here; the AEPD, the Spanish [...]